Privacy Policy

Last updated: January 2026. This policy explains how Staffpoint Recruitment collects, uses and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.

Data Controller: Staffpoint Recruitment, hello@staffpoint.co.uk. We are registered as a Data Controller with the Information Commissioner's Office (ICO). Our ICO registration is pending — once issued, our registration number will be published here. To exercise any of your rights under UK GDPR, please contact us at hello@staffpoint.co.uk.

1. Who we are

Staffpoint Recruitment ("Staffpoint", "we", "us", "our") is a specialist recruitment consultancy placing operations and technology professionals at UK SMEs and scale-ups. We operate as a Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, process, store and protect your personal data when you interact with us, our website, or our recruitment services.

2. The personal data we collect

Candidates

When you register with us or we identify you as a potential candidate, we may collect:

  • Full name, contact details (email, phone, address)
  • CV, work history, qualifications and professional experience
  • Details of your job search preferences, salary expectations and availability
  • Information you share during screening conversations or interviews
  • References (only obtained with your explicit consent and only after an offer is made)
  • Right to work information (passport, visa status) — only requested at offer stage

Clients (employers)

When you engage Staffpoint to find candidates for your organisation, we may collect:

  • Name, job title, business email and phone number
  • Organisation name, address and company registration details
  • Details of the roles you are looking to fill and your hiring requirements
  • Communication history with our consultants

Website visitors

When you visit staffpoint.co.uk we may collect:

  • Technical information including IP address, browser type and pages visited
  • Information submitted through our contact form

3. How and why we use your personal data

We only collect and use personal data where we have a lawful basis to do so under UK GDPR. The lawful bases we rely on are:

  • Legitimate interests (Article 6(1)(f)): to match candidates with suitable roles, to contact candidates about relevant opportunities, and to maintain our client relationships. Our legitimate interests are balanced against your rights and we will always respect requests to stop processing.
  • Contract performance (Article 6(1)(b)): where we have entered into a contract with you as a client, or where you have formally registered with us as a candidate.
  • Legal obligation (Article 6(1)(c)): where we are required by law to process your data, for example right to work checks.
  • Consent (Article 6(1)(a)): where we have specifically asked for and received your consent to a particular use of your data.

Specifically, we use your data to:

  • Match your profile against suitable roles and introduce you to appropriate employers (candidates)
  • Source and assess candidates for your vacancies (clients)
  • Communicate with you about opportunities, progress and relevant market information
  • Fulfil our contractual and legal obligations
  • Improve our services and respond to enquiries

4. Sharing your personal data

We will never share your personal data with third parties for marketing purposes. We will never sell your data. Your CV and personal details will only ever be shared with a specific employer with your explicit prior consent for each submission.

We may share your data with:

  • Prospective employers — only with your knowledge and consent for each specific role
  • Technology service providers — such as our email provider and any CRM system we use, all of whom are bound by data processing agreements and UK GDPR compliance obligations
  • Legal or regulatory authorities — where required by law

5. How long we keep your data

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Candidate data: We retain active candidate records for up to 2 years from your last meaningful interaction with us. After this period we will contact you to confirm you wish to remain on our database, or we will securely delete your data.
  • Placed candidate data: Where a placement is made, we retain records for 6 years from the date of placement for legitimate business and legal purposes.
  • Unsuccessful applications: We retain these for 6 months to respond to any employment tribunal claims, then delete them securely.
  • Client data: We retain contact records for active clients throughout our relationship plus 6 years for contract and invoice records.
  • Website enquiries: Contact form submissions are retained for 12 months.

6. Your rights under UK GDPR

You have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@staffpoint.co.uk. We will respond within one calendar month:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): You can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.
  • Right to restrict processing: You can ask us to pause processing of your data in certain circumstances.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
  • Rights related to automated decision-making: We do not make solely automated decisions that significantly affect you. All candidate assessments involve human review.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Data security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or alteration. All data transmitted to and from our website is encrypted using SSL/TLS. Access to candidate and client data is restricted to authorised personnel only.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected individuals without undue delay where required.

8. International data transfers

We process your personal data within the UK and European Economic Area. Where any data is transferred outside these regions (for example through cloud service providers), we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V.

9. Cookies

Our website uses cookies. Please see our Cookie Policy for full details of what cookies we use and how to control them.

10. Links to other websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend you read their privacy policies before sharing any personal data.

11. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. We recommend reviewing this page periodically. For significant changes, we will notify you directly where we hold your contact details.

12. Contact us

For any questions about this Privacy Policy, to exercise your data rights, or to raise a concern about how we handle your data, please contact us:

Staffpoint Recruitment
Email: hello@staffpoint.co.uk
Website: staffpoint.co.uk

We aim to respond to all data-related requests within one calendar month. For urgent matters, please mark your email "Data Rights Request — Urgent".